package com.ibm.ws.security.web;

import com.ibm.IExtendedSecurityPriv.PrincipalAuthenticator;
import com.ibm.ISecurityLocalObjectBaseL13Impl.CurrentImpl;
import com.ibm.ISecurityLocalObjectBasicAuthImpl.CredentialsImpl;
import com.ibm.WebSphereSecurity.AuthenticationFailedException;
import com.ibm.WebSphereSecurity.Credential;
import com.ibm.ejs.models.base.config.security.LocalOSAuthentication;
import com.ibm.ejs.models.base.config.security.Security;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ejs.security.SecurityCollaborator;
import com.ibm.ejs.security.SecurityContext;
import com.ibm.ejs.security.SecurityServer;
import com.ibm.ejs.security.util.Base64Coder;
import com.ibm.ejs.security.util.Constants;
import com.ibm.ejs.security.util.CredentialCache;
import com.ibm.ejs.security.util.LTPAValidationCache;
import com.ibm.ejs.security.util.StringUtil;
import com.ibm.servlet.engine.srt.IPrivateRequestAttributes;
import com.ibm.servlet.engine.srt.SRTServletRequest;
import com.ibm.servlet.engine.webapp.WebAppDispatcherRequest;
import com.ibm.servlet.personalization.sessiontracking.IHttpSession;
import com.ibm.websphere.security.TrustAssociationInterceptor;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.websphere.security.WebTrustAssociationUserException;
import com.ibm.ws.runtime.Server;
import java.security.cert.X509Certificate;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.xerces.validators.schema.SchemaSymbols;
import org.omg.CORBA.Any;
import org.omg.Security.Attribute;
import org.omg.Security.OpaqueHolder;
import org.omg.SecurityLevel2.Credentials;
import org.omg.SecurityLevel2.CredentialsHolder;

/* loaded from: input_file:lib/security.jarcom/ibm/ws/security/web/WebAuthenticator.class */
public class WebAuthenticator {
    // Trace handle for this class; assigned in the static initializer via Tr.register.
    private static final TraceComponent tc;
    // Process-wide singleton, created lazily by create() and read by getInstance().
    private static WebAuthenticator webAuthInstance;
    private CurrentImpl securityCurrent = null;
    private PrincipalAuthenticator principalAuthenticator = null;
    // Set in initializeSas(): false when no security config is found or the active mechanism is LocalOS.
    private boolean ltpaEnabled = false;
    private static final int DEFAULT_METHOD = 0;
    private static final int AUTHDATA_METHOD = 0;
    private static final int TOKEN_METHOD = 131072;
    // Names of the system properties read in initializeSas() to size the two caches (default "200" each).
    public static final String CREDENTIAL_CACHE_SIZE = "com.ibm.websphere.security.util.CredentialCacheSize";
    public static final String LTPA_VALIDATION_CACHE_SIZE = "com.ibm.websphere.security.util.LTPAValidationCacheSize";
    private static final String nullString = "";
    private static final String[] nullStringArray;
    // Shared failure results (status 2). NOTE(review): AUTHN_FAILED_RESULT is returned directly by
    // validate() and basicAuthenticate(), and handleCertificates() calls setCookie() on what validate()
    // returns, so this one object is shared and mutated across requests. Confirm that is acceptable.
    private static AuthenticationResult AUTHN_FAILED_RESULT;
    private static AuthenticationResult CRED_FAILED_RESULT;
    // Static caches and trust association manager; (re)assigned whenever a WebAuthenticator is constructed.
    protected static CredentialCache credentialCache;
    protected static LTPAValidationCache validationCache;
    protected static TrustAssociationManager taManager;
    // Not referenced in this class; presumably the form-login field names. Confirm against the login servlet.
    public static final String FormUserName = "__WAS_FORM_USERNAME";
    public static final String FormPassword = "__WAS_FORM_PASSWORD";
    private Security securityConfig;
    // Compiler-generated cache for the WebAuthenticator.class literal (see class$ and the static initializer).
    static Class class$com$ibm$ws$security$web$WebAuthenticator;

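    /**
     * Returns the process-wide authenticator, constructing it on first use.
     *
     * Synchronized so that two threads arriving before the instance exists cannot each run the
     * constructor. The constructor calls initializeSas(), which re-assigns the static credential
     * and LTPA validation caches, and it re-assigns the static trust association manager, so a
     * second construction would silently replace state that other requests are already using.
     *
     * @return the singleton instance, never {@code null}
     * @throws IllegalStateException if initializeSas() cannot obtain the security runtime
     */
    public static synchronized WebAuthenticator create() {
        if (webAuthInstance == null) {
            webAuthInstance = new WebAuthenticator();
        }
        return webAuthInstance;
    }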

    /**
     * Returns the singleton without creating it.
     *
     * @return the instance built by {@link #create()}, or {@code null} if {@code create()} has not
     *         run yet
     */
    public static WebAuthenticator getInstance() {
        final WebAuthenticator current = webAuthInstance;
        return current;
    }

    /**
     * Initialises the security runtime hooks, then caches the domain security configuration and
     * builds the trust association manager from it.
     *
     * @throws IllegalStateException propagated from initializeSas() when initialisation fails
     */
    private WebAuthenticator() {
        initializeSas();
        final Security domainSecurity = Server.getServerInstance().getApplicationServer().getNode().getDomain().getSecurity();
        this.securityConfig = domainSecurity;
        // taManager is static: constructing another instance would replace it for every caller.
        taManager = TrustAssociationManager.create(domainSecurity);
    }

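    /**
     * Attempts to authenticate the request through a trust association interceptor.
     *
     * The interceptor first validates that the request arrived over an established trust
     * relationship and then names the user. That user name is mapped to a credential WITHOUT any
     * password check, so this path is only as strong as the interceptor's
     * {@code validateEstablishedTrust} implementation.
     *
     * @param webAttributes      supplies the realm used for credential mapping and validation
     * @param httpServletRequest the incoming request handed to the interceptor
     * @return a status-2 (failed) result when the interceptor rejects the request or throws; the
     *         result of {@link #validate(String, byte[])} when a user was mapped; {@code null}
     *         when no interceptor applies, no user was returned, or mapping failed, in which case
     *         the caller falls through to the next mechanism
     * @throws Exception declared by the original signature; every exception raised inside the
     *                   visible try blocks is handled here
     */
    private AuthenticationResult handleTrustAssociation(WebAttributes webAttributes, HttpServletRequest httpServletRequest) throws Exception {
        String trustedUser = null;
        String realm = webAttributes.getRealm();
        if (tc.isEntryEnabled()) {
            // Was Tr.debug; use the entry call like the other handlers so entry/exit traces pair up.
            Tr.entry(tc, "handleTrustAssociation");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "TrustAssociation is enabled.");
        }
        TrustAssociationInterceptor interceptor = TrustAssociationManager.getInterceptor(httpServletRequest);
        if (interceptor != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "A TrustAssociation interceptor is available for this request.");
            }
            try {
                // Trust must be validated before the asserted user name is read.
                interceptor.validateEstablishedTrust(httpServletRequest);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "TrustAssociation has been validated successfully.");
                }
                trustedUser = interceptor.getAuthenticatedUsername(httpServletRequest);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Username retrieved is [").append(trustedUser).append("]").toString());
                }
            } catch (WebTrustAssociationUserException e) {
                Tr.error(tc, Constants.nls.getString("security.web.ta.userex", "Did not find a valid user for TrustAssociation."), e);
                // NOTE(review): the exception text becomes the result message; confirm it is not echoed to the client.
                return new AuthenticationResult(2, e.getMessage());
            } catch (WebTrustAssociationFailedException e2) {
                Tr.error(tc, Constants.nls.getString("security.web.ta.validationfailed", "TrustAssociation failed during validation"), e2);
                return new AuthenticationResult(2, e2.getMessage());
            } catch (Exception e3) {
                // Tr.error already receives the exception; the extra printStackTrace() wrote the
                // same stack to stderr outside the trace facility and has been dropped.
                Tr.error(tc, Constants.nls.getString("security.web.ta.genexc", "An unexpected exception occurred during TrustAssociation."), e3);
                return new AuthenticationResult(2, e3.getMessage());
            }
        }
        if (trustedUser != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Map credentials for ").append(trustedUser).append(".").toString());
            }
            try {
                // NOTE(review): getBytes() uses the platform default charset; a non-ASCII user name
                // may map differently on hosts with different defaults.
                Credential credential = new Credential(trustedUser.getBytes(), -1L, nullString, "TrustAssociation", nullStringArray, nullString, nullStringArray);
                Credential mapCredential;
                Credentials systemCred = SecurityContext.setSystemCred();
                try {
                    mapCredential = getSecurityServer().mapCredential(realm, credential);
                } catch (Exception e4) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Credential Mapping for TrustAssociation failed.");
                    }
                    throw e4;
                } finally {
                    // Drop the elevated system credential exactly once on every path. The original
                    // restored it on success and again in the catch block if a later step threw.
                    SecurityContext.restoreOriginalCred(systemCred);
                }
                AuthenticationResult validate = validate(realm, mapCredential.credentialToken);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Mapped credential for TrustAssociation was validated successfully.");
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "handleTrustAssociation: OK");
                }
                return validate;
            } catch (Exception e5) {
                // Mapping failure is deliberately non-fatal: null is returned below so the caller
                // can try the configured challenge type. Record the cause instead of discarding it.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, new StringBuffer().append("Error in mapping credential for Trust Association:").append(trustedUser).toString(), e5);
                }
            }
        }
        if (!tc.isEntryEnabled()) {
            return null;
        }
        Tr.exit(tc, "handleTrustAssociation: (null user)");
        return null;
    }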

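    /**
     * Attempts single sign-on from the LTPA cookie carried by the request.
     *
     * The cookie value is Base64-decoded and passed to {@link #validate(String, byte[])}. The
     * cookie is a bearer token (whoever holds it is the user), so its value is never written to
     * the trace; only its presence is recorded.
     *
     * @param webAttributes      supplies the LTPA cookie name, the realm and the challenge type
     * @param httpServletRequest the incoming request
     * @return the successful (status 1) validation result, or {@code null} when there is no
     *         usable cookie or the token did not validate
     */
    private AuthenticationResult handleSSO(WebAttributes webAttributes, HttpServletRequest httpServletRequest) {
        String lTPACookieName = webAttributes.getLTPACookieName();
        String realm = webAttributes.getRealm();
        Cookie[] cookies = httpServletRequest.getCookies();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "handleSSO");
        }
        if (cookies != null) {
            String cookieValue = getCookieValue(cookies, lTPACookieName);
            if (tc.isDebugEnabled()) {
                // Redacted: the original appended the raw token, putting a replayable credential in trace files.
                Tr.debug(tc, new StringBuffer().append("A cookie was received. The name is ").append(lTPACookieName).append(" and the value is ").append(cookieValue == null ? "NULL" : "[redacted]").toString());
            }
            if (cookieValue != null && cookieValue.length() > 0) {
                byte[] bytes = StringUtil.getBytes(Base64Coder.base64Decode(cookieValue));
                if (tc.isDebugEnabled()) {
                    // The "base64 ltpa token" trace line that printed the cookie value was removed.
                    Tr.debug(tc, "Validating the LTPA token that was retrieved from the cookie.");
                }
                AuthenticationResult validate = validate(realm, bytes);
                if (validate.getStatus() == 1) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "The LTPA token was valid.");
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "handleSSO", "successful ltpa token validation");
                    }
                    ((IPrivateRequestAttributes) httpServletRequest).setPrivateAttribute("AUTH_TYPE", webAttributes.getChallengeType());
                    return validate;
                }
            }
        }
        if (!tc.isEntryEnabled()) {
            return null;
        }
        Tr.exit(tc, "handleSSO: (null)");
        return null;
    }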

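    /**
     * Handles a resource protected by form-based ("Custom") login.
     *
     * With LocalOS authentication the user id and password kept in the HTTP session's
     * FormLoginInfo are re-checked on every call; otherwise the LTPA cookie is tried through
     * {@link #handleSSO}. If neither yields a result, the original request URL is remembered (in
     * the session for LocalOS, in a {@code WASReqURL} cookie otherwise) and a status-4 result
     * pointing at the login page is returned.
     *
     * NOTE(review): in the non-LocalOS case the remembered URL travels in a cookie the client can
     * rewrite. The code that later reads WASReqURL is not visible here; it should accept only
     * same-application paths before redirecting. The remembered URL (query string included) is
     * also written to the debug trace.
     *
     * @param webAttributes      supplies the realm and the login / re-login URLs
     * @param httpServletRequest the incoming request
     * @return the authentication outcome, or a status-4 result carrying the login (or re-login) URL
     */
    private AuthenticationResult handleCustomLogin(WebAttributes webAttributes, HttpServletRequest httpServletRequest) {
        String realm = webAttributes.getRealm();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "handleCustomLogin");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Form based login is configured for the resource");
        }
        String loginURL = webAttributes.getLoginURL();
        boolean complianceMode = false;
        String property = System.getProperty("com.ibm.websphere.sendredirect.compliance");
        if (property != null) {
            complianceMode = property.equals("1") || property.equalsIgnoreCase(SchemaSymbols.ATTVAL_TRUE);
        }
        String contextPath = httpServletRequest.getContextPath();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("sendRedirectComplianceMode = [").append(complianceMode).append("]").toString());
            if (complianceMode) {
                Tr.debug(tc, new StringBuffer().append("contextPath = [").append(contextPath).append("]").toString());
            }
        }
        loginURL = prefixContextPath(loginURL, contextPath, complianceMode);
        String reloginURL = prefixContextPath(webAttributes.getReloginURL(), contextPath, complianceMode);
        boolean localOs = this.securityConfig.getActiveAuthMechanism() instanceof LocalOSAuthentication;
        if (localOs) {
            // getSession(false): do not create a session just to look for stored credentials.
            IHttpSession session = httpServletRequest.getSession(false);
            if (session != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Form based login: Using HTTP Sessions");
                }
                FormLoginInfo formLoginInfo = (FormLoginInfo) session.getSecurityInfo();
                String sessionUser = null;
                String sessionPassword = null;
                if (formLoginInfo != null) {
                    // NOTE(review): the clear-text password lives in the session for its whole lifetime.
                    sessionUser = formLoginInfo.getUsername();
                    sessionPassword = formLoginInfo.getPassword();
                }
                if (sessionUser != null && sessionPassword != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Form based login: Userid/password present in the session");
                    }
                    AuthenticationResult basicAuthenticate = basicAuthenticate(realm, sessionUser, sessionPassword);
                    if (basicAuthenticate.getStatus() == 2) {
                        // Stored credentials no longer authenticate: send the user to the re-login page.
                        basicAuthenticate = new AuthenticationResult(4, reloginURL);
                    } else {
                        session.removeAttribute("WASReqURL");
                    }
                    ((IPrivateRequestAttributes) httpServletRequest).setPrivateAttribute("AUTH_TYPE", "FORM");
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "handleCustomLogin");
                    }
                    return basicAuthenticate;
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Form based login: No HTTP Session");
            }
        } else {
            AuthenticationResult handleSSO = handleSSO(webAttributes, httpServletRequest);
            if (handleSSO != null) {
                // Guarded like every other exit trace in this class (the original call was unconditional).
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "handleCustomLogin");
                }
                return handleSSO;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Form based login: No or Bad ltpa cookie ");
            }
        }
        // Rebuild the originally requested URL so it can be revisited after login.
        StringBuffer requested = new StringBuffer(httpServletRequest.getServletPath());
        if (httpServletRequest.getPathInfo() != null) {
            requested.append(httpServletRequest.getPathInfo());
        }
        if (httpServletRequest.getQueryString() != null) {
            requested.append("?");
            requested.append(httpServletRequest.getQueryString());
        }
        String originalURL = prefixContextPath(requested.toString(), contextPath, complianceMode);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, new StringBuffer().append("Form based login: Stored original request : ").append(originalURL).toString());
        }
        AuthenticationResult authenticationResult = new AuthenticationResult(4, loginURL);
        if (localOs) {
            IHttpSession session2 = httpServletRequest.getSession(true);
            FormLoginInfo formLoginInfo2 = (FormLoginInfo) session2.getSecurityInfo();
            if (formLoginInfo2 == null) {
                formLoginInfo2 = new FormLoginInfo();
            }
            formLoginInfo2.setRefererURL(originalURL);
            session2.putSecurityInfo(formLoginInfo2);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Form based login: Referer URL set  in session ").append(originalURL).toString());
            }
        } else {
            // Session cookie (max age -1) scoped to "/", so it is sent to every application on the host.
            Cookie cookie = new Cookie("WASReqURL", originalURL);
            cookie.setPath("/");
            cookie.setMaxAge(-1);
            authenticationResult.setCookie(cookie);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Form based login: Referer URL cookie set ").append(originalURL).toString());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "handleCustomLogin", new StringBuffer().append("Redirecting to a login form").append(loginURL).toString());
        }
        return authenticationResult;
    }

    /**
     * Prepends the context path to a root-relative URL when send-redirect compliance mode is on.
     * Returns the URL unchanged when it is not root-relative, the context path is {@code null} or
     * "/", or compliance mode is off.
     */
    private static String prefixContextPath(String url, String contextPath, boolean complianceMode) {
        if (url.startsWith("/") && contextPath != null && !contextPath.equals("/") && complianceMode) {
            return new StringBuffer().append(contextPath).append(url).toString();
        }
        return url;
    }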

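    /**
     * Authenticates the request from the TLS client certificate.
     *
     * The first certificate of the chain found in the request attribute
     * {@code javax.net.ssl.peer_certificates} is mapped to a credential under the system identity
     * and the mapped token is validated. Only the encoded first certificate is passed on;
     * NOTE(review): chain validation is presumably done by the TLS layer that populated the
     * attribute; confirm.
     *
     * When {@code isDefaultToBasic()} is true, a missing certificate or ANY exception on this
     * path returns {@code null}, which the caller answers with Basic authentication. This
     * downgrades certificate login to password login and should be enabled deliberately.
     *
     * @param webAttributes      supplies the realm and the default-to-basic setting
     * @param httpServletRequest the incoming request
     * @return the validation result; a status-2 result when no certificate is present and
     *         fallback is disabled; {@code null} when falling back to Basic
     * @throws Exception any failure on the certificate path when fallback is disabled
     */
    private AuthenticationResult handleCertificates(WebAttributes webAttributes, HttpServletRequest httpServletRequest) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "handleCertificates");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Challenge type used is CERT.");
        }
        AuthenticationResult authenticationResult = null;
        String realm = webAttributes.getRealm();
        try {
            X509Certificate[] peerChain = (X509Certificate[]) httpServletRequest.getAttribute("javax.net.ssl.peer_certificates");
            // An empty chain is treated like a missing one instead of failing on peerChain[0].
            if (peerChain == null || peerChain.length == 0) {
                if (!webAttributes.isDefaultToBasic()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "No certificate provided and default to basic is false.");
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "handleCertificates");
                    }
                    return new AuthenticationResult(2, "No Client Certificate Available", (Cookie) null);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No certificate was provided but defaulting to BASIC.");
                }
            } else {
                Credential credential = new Credential(peerChain[0].getEncoded(), -1L, nullString, nullString, nullStringArray, nullString, nullStringArray);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Map credential for this certificate.");
                }
                Credential mapCredential;
                Credentials systemCred = SecurityContext.setSystemCred();
                try {
                    mapCredential = getSecurityServer().mapCredential(realm, credential);
                } catch (Exception e) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Credential Mapping for Certificate failed.");
                    }
                    throw e;
                } finally {
                    // Leave the elevated system identity exactly once, whatever happens. The
                    // original restored it on success and again if validation then threw.
                    SecurityContext.restoreOriginalCred(systemCred);
                }
                authenticationResult = validate(realm, mapCredential.credentialToken);
                // NOTE(review): validate() can hand back the shared failure result, which this call mutates.
                authenticationResult.setCookie((Cookie) null);
            }
        } catch (Exception e2) {
            if (!webAttributes.isDefaultToBasic()) {
                throw e2;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Exception occurred while processing certificate: ").append(e2.getMessage()).toString());
                Tr.debug(tc, "Defaulting to Basic");
            }
        }
        // As in the original, AUTH_TYPE is set to CERT even when the result is null (fallback to Basic).
        ((IPrivateRequestAttributes) httpServletRequest).setPrivateAttribute("AUTH_TYPE", "CERT");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "handleCertificates");
        }
        return authenticationResult;
    }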

    /**
     * Reads a request header, going to the underlying SRT request's {@code getHeaderDirect} when
     * the request is a dispatcher wrapper around one, and to the ordinary
     * {@code getHeader} otherwise.
     *
     * @param httpServletRequest the request to read from
     * @param str                the header name
     * @return the header value as returned by the chosen accessor
     */
    static final String getHeader(HttpServletRequest httpServletRequest, String str) {
        if (!(httpServletRequest instanceof WebAppDispatcherRequest)) {
            return httpServletRequest.getHeader(str);
        }
        SRTServletRequest underlying = ((WebAppDispatcherRequest) httpServletRequest).getProxiedHttpServletRequest();
        // The instanceof also rejects a null proxied request.
        return underlying instanceof SRTServletRequest ? underlying.getHeaderDirect(str) : httpServletRequest.getHeader(str);
    }

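    /**
     * Authenticates the request from an HTTP Basic {@code Authorization} header.
     *
     * A missing or non-Basic header, or a decoded value without a ':' separator, yields a
     * status-3 result (challenge for the realm). Otherwise the text before the first ':' is the
     * user id and everything after it the password, and both go to
     * {@link #basicAuthenticate(String, String, String)}; a status-2 failure from there is turned
     * into a fresh status-3 challenge.
     *
     * The header carries the password in reversible Base64, so it is never written to the trace.
     *
     * @param webAttributes      supplies the realm
     * @param httpServletRequest the incoming request
     * @return the authentication outcome or a status-3 challenge
     * @throws Exception declared by the original signature
     */
    private AuthenticationResult handleBasicAuth(WebAttributes webAttributes, HttpServletRequest httpServletRequest) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "handleBasicAuth");
        }
        String realm = webAttributes.getRealm();
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null || !header.startsWith("Basic ")) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "basic 401");
            }
            AuthenticationResult challenge = new AuthenticationResult(3, realm, (Cookie) null);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "handleBasicAuth");
            }
            return challenge;
        }
        if (tc.isDebugEnabled()) {
            // Redacted: the original traced the whole header, i.e. the Base64 of "user:password".
            Tr.debug(tc, "Authorization: Basic [redacted]");
        }
        String decoded = Base64Coder.base64Decode(header.substring(6));
        int separator = decoded.indexOf(58); // 58 == ':'
        if (separator < 0) {
            AuthenticationResult malformed = new AuthenticationResult(3, realm, (Cookie) null);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Failed to find username/password info -- Sending 401.");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "handleBasicAuth");
            }
            return malformed;
        }
        AuthenticationResult basicAuthenticate = basicAuthenticate(realm, decoded.substring(0, separator), decoded.substring(separator + 1));
        // The original test "(status == 3 || status == 2) && status == 2" reduces to this.
        if (basicAuthenticate.getStatus() == 2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Authentication failed after calling basicAuthenticate");
            }
            basicAuthenticate = new AuthenticationResult(3, realm, (Cookie) null);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "handleBasicAuth");
        }
        return basicAuthenticate;
    }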

    /**
     * Entry point for web authentication. Mechanisms are tried in this order: LTPA single sign-on
     * cookie (only when LTPA and SSO are both enabled), trust association (when enabled), then the
     * configured challenge type: "Custom" form login, "Cert" client certificate, or Basic as the
     * default and as the fallback when the certificate handler returns {@code null}.
     *
     * On a status-1 result reached at the end of the chain, an SSO cookie holding the
     * Base64-encoded credential token is attached when SSO is in effect and, if secure SSO is
     * required, the request scheme is https. Any exception is turned into a status-2 result whose
     * message is the exception text.
     *
     * @param webAttributes      per-resource security settings
     * @param httpServletRequest the incoming request
     * @return the authentication outcome
     */
    public AuthenticationResult authenticate(WebAttributes webAttributes, HttpServletRequest httpServletRequest) {
        AuthenticationResult outcome;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "authenticate");
        }
        try {
            boolean issueSsoCookie = false;
            final String ssoCookieName = webAttributes.getLTPACookieName();
            final String challenge = webAttributes.getChallengeType();
            outcome = null;
            if (this.ltpaEnabled && webAttributes.isSSOEnabled()) {
                // With secure SSO the token cookie is only issued over https; otherwise over any scheme.
                issueSsoCookie = !webAttributes.isSecureSSO() || httpServletRequest.getScheme().equalsIgnoreCase("https");
                outcome = handleSSO(webAttributes, httpServletRequest);
                if (outcome != null) {
                    return outcome;
                }
            }
            if (TrustAssociationManager.isTrustAssociationEnabled) {
                outcome = handleTrustAssociation(webAttributes, httpServletRequest);
            }
            if (outcome == null) {
                if (challenge.equalsIgnoreCase("Custom")) {
                    return handleCustomLogin(webAttributes, httpServletRequest);
                }
                if (challenge.equalsIgnoreCase("Cert")) {
                    AuthenticationResult certOutcome = handleCertificates(webAttributes, httpServletRequest);
                    if (certOutcome != null) {
                        return certOutcome;
                    }
                }
                outcome = handleBasicAuth(webAttributes, httpServletRequest);
            }
            if (outcome.getStatus() == 1) {
                // Reached for Basic and for a successful trust association alike.
                ((IPrivateRequestAttributes) httpServletRequest).setPrivateAttribute("AUTH_TYPE", "Basic");
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Successful authentication");
                }
                Cookie ssoCookie = null;
                if (issueSsoCookie) {
                    ssoCookie = createCookie(ssoCookieName, Base64Coder.base64Encode(StringUtil.toString(outcome.getCredentialToken())), webAttributes);
                    webAttributes.copyInto(ssoCookie);
                    outcome.setCookie(ssoCookie);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, new StringBuffer().append("Set-Cookie: ").append(ssoCookie).toString());
                    }
                }
                outcome.setCookie(ssoCookie);
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, new StringBuffer().append("Exception occurred: ").append(e.getMessage()).toString());
                Tr.debug(tc, "Authentication failed.");
            }
            // NOTE(review): the exception text becomes the result message; confirm it is not shown to the client.
            outcome = new AuthenticationResult(2, e.getMessage());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "authenticate");
        }
        return outcome;
    }

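    /**
     * Builds a cookie and lets the web attributes copy their cookie settings into it.
     *
     * The only caller visible in this class, authenticate(), passes the Base64-encoded credential
     * token as the value, so the value is kept out of the trace; only the name is recorded.
     *
     * @param str           the cookie name
     * @param str2          the cookie value
     * @param webAttributes source of the attributes applied by {@code copyInto}
     * @return the new cookie
     */
    private Cookie createCookie(String str, String str2, WebAttributes webAttributes) {
        if (tc.isEntryEnabled()) {
            // The original appended str2 here, writing the SSO token to the trace file.
            Tr.entry(tc, new StringBuffer().append("createCookie ").append(str).toString());
        }
        Cookie cookie = new Cookie(str, str2);
        webAttributes.copyInto(cookie);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createCookie");
        }
        return cookie;
    }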

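    /**
     * Returns the value of the first cookie whose name equals {@code str}.
     *
     * A {@code null} array, a {@code null} name and {@code null} array elements are all tolerated
     * and result in {@code null}. The exit trace records only whether a value was found, because
     * handleSSO() uses this method to read the LTPA token cookie.
     *
     * @param cookieArr the request's cookies, may be {@code null}
     * @param str       the cookie name to look for (compared case-sensitively)
     * @return the cookie value, or {@code null} when there is no match
     */
    public static String getCookieValue(Cookie[] cookieArr, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCookieValue", str);
        }
        String found = null;
        if (cookieArr != null && str != null) {
            for (int i = 0; i < cookieArr.length; i++) {
                Cookie candidate = cookieArr[i];
                if (candidate != null && str.equals(candidate.getName())) {
                    found = candidate.getValue();
                    break;
                }
            }
        }
        if (tc.isEntryEnabled()) {
            // The original traced the value itself.
            Tr.exit(tc, "getCookieValue", found == null ? "not found" : "found");
        }
        return found;
    }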

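    /**
     * Validates a credential token through the LTPA validation cache.
     *
     * Fails closed: an exception from the cache lookup (including a cache that was never
     * initialised) or a {@code null} credential produces a status-2 result. In the listing as
     * decompiled, the catch block fell through to code that read the unassigned
     * {@code credential} and then overwrote the failure result; the failure is now returned
     * directly from the catch block.
     *
     * @param str  the realm recorded on a successful result
     * @param bArr the raw token bytes
     * @return a status-1 result carrying the credential, or a status-2 failure
     */
    public AuthenticationResult validate(String str, byte[] bArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate");
        }
        Credentials credential;
        try {
            credential = validationCache.getCredential(bArr);
        } catch (Exception e) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validate", e);
            }
            return new AuthenticationResult(2, e.getMessage());
        }
        if (credential == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validate: LTPA token validation failed");
            }
            // NOTE(review): this is a shared static instance; callers must not mutate it.
            return AUTHN_FAILED_RESULT;
        }
        AuthenticationResult authenticationResult = new AuthenticationResult(1, credential);
        authenticationResult.realm = str;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "validate");
        }
        return authenticationResult;
    }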

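    /**
     * Obtains the security "current" object and its principal authenticator, then builds the
     * static credential cache and LTPA validation cache.
     *
     * The authenticator type is 2 when there is no security configuration or the active mechanism
     * is LocalOS, and 1 otherwise; {@code ltpaEnabled} is true only for type 1. Cache sizes come
     * from the system properties named by {@link #CREDENTIAL_CACHE_SIZE} and
     * {@link #LTPA_VALIDATION_CACHE_SIZE} (default 200); the cache timeout comes from the security
     * configuration (default 10, multiplied by 1000 before use; presumably seconds to
     * milliseconds, confirm).
     *
     * Initialisation fails closed: every failure, including a missing security configuration or
     * a non-numeric cache size, surfaces as {@link IllegalStateException}.
     *
     * @throws IllegalStateException if any part of the initialisation fails
     */
    private void initializeSas() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initializeSas");
        }
        try {
            if (this.securityCurrent == null) {
                this.securityCurrent = SecurityContext.getCurrent();
                if (this.securityCurrent == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Can't get SAS current!");
                    }
                    throw new IllegalStateException("can't get SAS current");
                }
            }
            if (this.principalAuthenticator == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "getting SAS current principal authenticator");
                }
                Security security = Server.getServerInstance().getApplicationServer().getNode().getDomain().getSecurity();
                int authenticatorType = (security == null || (security.getActiveAuthMechanism() instanceof LocalOSAuthentication)) ? 2 : 1;
                this.ltpaEnabled = authenticatorType == 1;
                try {
                    this.principalAuthenticator = this.securityCurrent.principal_authenticator(authenticatorType);
                    if (security == null) {
                        // The original dereferenced the null configuration on the next line and
                        // reported an IllegalStateException with a null message; say what is wrong.
                        throw new IllegalStateException("security configuration is not available");
                    }
                    int timeout = 10;
                    Integer cacheTimeout = security.getCacheTimeout();
                    if (cacheTimeout != null && cacheTimeout.intValue() > 0) {
                        timeout = cacheTimeout.intValue();
                    }
                    String credentialSize = System.getProperty(CREDENTIAL_CACHE_SIZE);
                    String validationSize = System.getProperty(LTPA_VALIDATION_CACHE_SIZE);
                    if (credentialSize == null) {
                        credentialSize = "200";
                    }
                    if (validationSize == null) {
                        validationSize = "200";
                    }
                    // Parse both sizes before building either cache, so a malformed property
                    // cannot leave one static cache assigned and the other not.
                    int credentialCacheSize = Integer.parseInt(credentialSize);
                    int validationCacheSize = Integer.parseInt(validationSize);
                    credentialCache = new CredentialCache(this.principalAuthenticator, credentialCacheSize, timeout * 1000);
                    validationCache = new LTPAValidationCache(this.principalAuthenticator, validationCacheSize, timeout * 1000);
                } catch (ClassCastException e) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Wrong type of Principal Authenticator");
                    }
                    throw new IllegalStateException("wrong type for PrincipalAuthenticator");
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "initializeSas");
            }
        } catch (Exception e2) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "initializeSas", e2);
            }
            throw new IllegalStateException(e2.getMessage());
        }
    }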

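    /**
     * Authenticates a user id and password through the credential cache.
     *
     * Fails closed: an exception from the cache lookup or a {@code null} credential produces a
     * status-2 result. In the listing as decompiled, the catch block fell through to code that
     * read the unassigned {@code credential} and then overwrote the failure result; the failure
     * is now returned directly from the catch block.
     *
     * NOTE(review): a successful result keeps the clear-text password in its {@code passWord}
     * field for as long as the result object is referenced.
     *
     * @param str  the realm recorded on a successful result
     * @param str2 the user id
     * @param str3 the password
     * @return a status-1 result carrying the credential, or a status-2 failure
     */
    public AuthenticationResult basicAuthenticate(String str, String str2, String str3) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "basicAuthenticate");
        }
        Credentials credential;
        try {
            credential = credentialCache.getCredential(str2, str3);
        } catch (Exception e) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "basicAuthenticate", e);
            }
            return new AuthenticationResult(2, e.getMessage());
        }
        if (credential == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "basicAuthenticate: authentication failed");
            }
            // NOTE(review): this is a shared static instance; callers must not mutate it.
            return AUTHN_FAILED_RESULT;
        }
        AuthenticationResult authenticationResult = new AuthenticationResult(1, credential);
        authenticationResult.realm = str;
        authenticationResult.userName = str2;
        authenticationResult.passWord = str3;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "basicAuthenticate");
        }
        return authenticationResult;
    }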

    /**
     * Authenticates a user id and password directly against the principal authenticator,
     * bypassing the credential cache.
     *
     * @param str  the realm; not used by this method
     * @param str2 the user id
     * @param str3 the password, may be {@code null}
     * @return the credentials produced by the authenticator, or {@code null} when the
     *         authenticator reports a non-zero status
     * @throws Exception whatever the authenticator throws
     */
    protected Credentials setSasBasicAuth(String str, String str2, String str3) throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setSasBasicAuth");
        }
        // NOTE(review): getBytes() uses the platform default charset.
        final byte[] secret = (str3 != null) ? str3.getBytes() : null;
        final CredentialsHolder holder = new CredentialsHolder();
        final boolean accepted = this.principalAuthenticator.authenticate(0, str2, secret, (Attribute[]) null, holder, new OpaqueHolder(), new OpaqueHolder()).value() == 0;
        if (accepted) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "setSasBasicAuth");
            }
            return holder.value;
        }
        Tr.debug(tc, "Authentication Failed");
        return null;
    }

    /**
     * Resolves SAS credentials to their mapped form.
     *
     * @param credentials the credentials to resolve
     * @return the mapped credentials when the argument is a {@code CredentialsImpl}, otherwise the
     *         argument unchanged
     * @throws AuthenticationFailedException if the mapping call throws; the original cause is
     *                                       only visible in the exit trace
     */
    public Credentials getActualCredentials(Credentials credentials) throws AuthenticationFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getActualCredentials");
        }
        Credentials resolved = credentials;
        if (credentials instanceof CredentialsImpl) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getting SAS mapped credentials");
            }
            try {
                resolved = ((CredentialsImpl) credentials).get_mapped_credentials((String) null, nullString, (Any) null);
            } catch (Exception mappingFailure) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "getActualCredentials", mappingFailure);
                }
                throw new AuthenticationFailedException();
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getActualCredentials");
        }
        return resolved;
    }

    /**
     * Picks the first argument when it is present and the second otherwise.
     *
     * @param credentials  the preferred credentials, may be {@code null}
     * @param credentials2 the fallback, returned only when {@code credentials} is {@code null}
     * @return {@code credentials} if non-null, else {@code credentials2}
     */
    public Credentials getPreferredCredentials(Credentials credentials, Credentials credentials2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPreferredCredentials");
        }
        if (credentials == null) {
            return credentials2;
        }
        return credentials;
    }

    /**
     * Looks up the security server through the security collaborator on every call.
     *
     * @return whatever {@code SecurityCollaborator.getSecurityServer()} returns
     */
    private SecurityServer getSecurityServer() {
        final SecurityServer server = SecurityCollaborator.getSecurityServer();
        return server;
    }

    /**
     * Compiler-generated helper behind the {@code WebAuthenticator.class} literal: loads a class
     * by name and reports a missing class as a linkage error instead of a checked exception.
     *
     * @param str the fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found
     */
    static Class class$(String str) {
        Class resolved;
        try {
            resolved = Class.forName(str);
        } catch (ClassNotFoundException notFound) {
            throw new NoClassDefFoundError(notFound.getMessage());
        }
        return resolved;
    }

    // Static state: registers the trace component for this class and resets the singleton, the
    // shared failure results, the caches and the trust association manager.
    static {
        // Populate the compiler-generated class-literal cache on first use.
        if (class$com$ibm$ws$security$web$WebAuthenticator == null) {
            class$com$ibm$ws$security$web$WebAuthenticator = class$("com.ibm.ws.security.web.WebAuthenticator");
        }
        tc = Tr.register(class$com$ibm$ws$security$web$WebAuthenticator);
        webAuthInstance = null;
        nullStringArray = new String[0];
        // Status 2 marks a failed authentication throughout this class.
        AUTHN_FAILED_RESULT = new AuthenticationResult(2, "Authentication Failed");
        CRED_FAILED_RESULT = new AuthenticationResult(2, "credential validation failure");
        // The caches and the manager are filled in when the first WebAuthenticator is constructed.
        credentialCache = null;
        validationCache = null;
        taManager = null;
    }
}
